US 11916893

US Patent 11916893, titled "Embedded universal integrated circuit card supporting two-factor authentication," was issued on February 27, 2024. It lists John A. Nix as the inventor. The current assignees are Network 1 Technologies Inc and M2M and IoT Technologies LLC, with Network 1 Technologies Inc also being the original assignee. The patent was filed on December 10, 2021.

Abstract:
The patent describes methods and systems for employing an embedded universal integrated circuit card (eUICC) to facilitate two-factor authentication. A module equipped with an eUICC receives a first profile from an eUICC subscription manager, which includes a first network module identity and a first key K. The module then uses these credentials to perform a primary authentication with a mobile network operator. Following this, a user associated with the module conducts a secondary authentication with the mobile network operator. Upon successful completion of the second authentication, the module receives a symmetric key. This key is used by the module to decrypt a second network module identity and a second key K from the initially received profile, enabling the module to perform a subsequent authentication with the mobile network operator using these newly decrypted credentials.

Independent Claims Overview:

• Claim 1: This claim describes a method where a device (module) with an embedded SIM (eUICC) receives a profile containing a first network identifier and a secret key (Key K) from an eUICC manager. The module uses these to perform an initial authentication with a mobile network. A user then performs a second authentication. Only after this second authentication does the module receive a symmetric key, which it uses to decrypt a second network identifier and a second secret key from the same profile.
• Claim 7: This method focuses on the secure distribution of the eUICC profile. The eUICC in the module stores a private key, while the eUICC manager holds the corresponding public key. The manager encrypts the profile with an eUICC profile key, then encrypts that profile key using the eUICC public key. The eUICC receives and decrypts the encrypted profile key with its private key to get the plaintext profile key. This plaintext profile key is then used by the eUICC to decrypt the main profile, revealing the first secret key (Key K) and first network identifier.
• Claim 14: This claim outlines a method where the eUICC in a module receives a profile with a first network identifier and a null (zero) value for the first secret key (Key K). This null key allows the module to perform an initial authentication, granting it limited access to an Internet Protocol (IP) network. A user then completes a second authentication with the mobile network operator using this limited IP access. After the second authentication, the module receives a symmetric key to decrypt a second network identifier and a valid second secret key from the eUICC profile.
• Claim 20: This method details how a module with an eUICC receives a profile containing a first network identifier and a first secret key (Key K) from an eUICC manager, and then uses these to perform an initial authentication with a mobile network. Subsequently, both the module and the mobile network operator exchange a "token" and collaboratively generate (derive) a second secret key (Key K) using this token and a predefined key derivation algorithm.

Litigation Status:
The patent is currently active. There is ongoing litigation related to this patent family, including a PTAB (Patent Trial and Appeal Board) case, IPR2026-00119, which was filed and is currently pending. Additionally, a US case (2:25-cv-00667) has been filed in the Texas Eastern District Court. While these cases are noted, a specific CAFC (Court of Appeals for the Federal Circuit) 2026 docket number for this patent is not explicitly identified in the provided information.